AIP-SSM inline mode Question

Aug 6th, 2008

Dear all


I have an ASA 5520 with an IPS module. I installed it 3 weeks ago. The IPS module is installed in inline mode.

Till now I have not seen any events appear on the sensor. I configured it to scan HTTP traffic from any source to the inside LAN subnet (10.1.0.0/16).


Can I know whether the sensor is working properly or not, and how?


The following is the configuration on the ASA:


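! Traffic to be sent to the IPS module: HTTP from any source to the inside LAN
access-list outside_mpc extended permit tcp any 10.1.0.0 255.255.0.0 eq www
class-map outside-class
 match access-list outside_mpc
! Redirect matching traffic to virtual sensor vs0, inline, fail-open
policy-map outside-policy1
 class outside-class
  ips inline fail-open sensor vs0
! Apply the policy on the outside interface
service-policy outside-policy1 interface outside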


Please find the attached file for the IPS config.


Thanks





rhermes Wed, 08/06/2008 - 07:58

Your config looks very similar to my working ASA configs. The only exception is your virtual sensor entries in the ASA and the IPS. If you don't need them they can be left out.

Assuming your config is correct, you can try opening up your access list to more traffic and see if you get events. You can turn on signature 2004 for ICMP echo replies if you want to stimulate some events for yourself.
